PHIL168 VIP Login,Wj casino app.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved mattyl
(@mattyl)

6 years, 5 months ago

Like others, this plugin is showing spam ads

there must be a security hole allowing the spammers to alter the settings for the checkout, cart etc banners

do not install until either this is fixed or this is found to be active on the part of the developers.

there are only a couple of reports, so this may be an issue with latest version.

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author Dotstore
(@dots)

6 years, 5 months ago

Hello,

Thanks for getting in touch with us.

Can you please provide us a screenshot of the issue which you are facing. Because for the first time we have faced this type of issue. So that we get a clear idea of your issue and give you the possible solution.

Thank You,
Multidots.

Thread Starter mattyl
(@mattyl)

6 years, 5 months ago

we removed the plugin as it is either insecure or malware.
like other users – google wbm_banner_image to see
our banner settings had been updated with information from the spammers. As nothign else on the server was compromised and its the exact same image as other compeltely random users. The issue is going to be either – your admin code is poorly written so the spammers can inject their mysql into it, or you are acting on behalf of them

good luck.

Plugin Author Dotstore
(@dots)

6 years, 5 months ago

Hello,

We have resolved the issue which you are talking about. Kindly download the latest version of the plugin and please review it.

Please let us know if you are facing the same issue.

Thank You,
Multidots.

Farbweiss
(@farbweiss)

6 years, 5 months ago

Can you please provide us a screenshot of the issue which you are facing. Because for the first time we have faced this type of issue.

Why are telling that this is new to you? You have been told about the security problems some time ago!
https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/

In the changelog of version 1.1.1 of this plugin you wrote:
——————————–
= 1.1.1 – 29.05.2018 =
* Fixed vulnerable code issue
* Compatible with WordPress 4.9.x and WooCommerce 3.4.x
——————————–

Now this info is gone in latest version 1.1.2.
this is the “clean” changelog now…
——————————–
1.1.2 – 19.06.2018
Normal Bug Fix
1.1.1 – 29.05.2018
Normal Bug Fix
——————————–
This does not help people! You should tell about the problems the plugin had, provide a fix and give people a change to update to latest versions. Do not try to HIDE serious security issues! Because this only raises distrust.

The exploit is out there and is IN USE. https://labs.threatpress.com/unauthenticated-settings-change-vulnerability-in-woocommerce-category-banner-management-plugin/

thedotstore
(@thedotstore)

5 years, 11 months ago

Hello there!

Hope you are doing well! The plugin is now updated and working fine!

The plugin is safe to download and use, it is all up to date with the latest version. The plugin also received a positive response from the customer.

Please download the updated version and let us know if you need any further assistance.

Happy to help! Thanks & regards,

thedotstore support team

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘warning – SPAM SPAM’ is closed to new replies.